[SystemSafety] Static Analysis

Matthew Squair mattsquair at gmail.com
Wed Feb 26 05:00:47 CET 2014


There's also a 'fail deadly' error logic in the code as well (I think).

The status of the crypto check is undefined until after the function
defines it so the function can terminate and the calling functions none the
wiser as to whether it did the job. Better to explicitly set the status as
'invalid' upfront ensuring that if the system fails it will fail to a safe
state.

Perhaps we should send Apple security a copy of Saltzer and Schroeder's
principles as well? :)


On Wed, Feb 26, 2014 at 7:40 AM, Peter Bernard Ladkin <ladkin at rvs.uni-bielefeld.de> wrote:

> Apparently Apple doesn't perform any kind of static analysis on critical
> code. This in its SSL certificate-checking library.
> http://www.theguardian.com/technology/2014/feb/25/apples-ssl-iphone-vulnerability-how-did-it-happen-and-what-next
>
> As the article points out, a simple automated reachability analysis would
> have highlighted the anomaly. Note that it has been out there in the open
> for a while - the code is open source.
>
> It's hard to believe. Does stuff like this happen in the safety-critical
> area to leading companies still?
>
> Very nice piece of tech reporting from the Guardian, though.
>
> PBL
>
> Prof. Peter Bernard Ladkin, University of Bielefeld and Causalis Limited
> _______________________________________________
> The System Safety Mailing List
> systemsafety at TechFak.Uni-Bielefeld.DE
>



-- 
*Matthew Squair*
MIEAust CPEng

Mob: +61 488770655
Email: MattSquair at gmail.com
Website: www.criticaluncertainties.com <http://criticaluncertainties.com/>
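The fail-safe initialisation argued for above, as an added example that is not code from the original message or from Apple's library: the toy "signature check", the expected bytes and the stale-caller scenario are all constructed to show how an early exit leaks a stale status when the result is not set to "invalid" up front.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for the real cryptographic check: a "signature" is
 * accepted when it matches this expected byte string. */
static const uint8_t EXPECTED_SIG[4] = {0xDE, 0xAD, 0xBE, 0xEF};

enum verify_status { VERIFY_INVALID = 0, VERIFY_VALID = 1 };

/* Fail-deadly shape: *status is written only on the paths the author
 * remembered. The early exit for an unexpected length writes nothing, so the
 * caller is left with whatever *status held before the call. */
static int verify_unsafe(const uint8_t *sig, size_t len, int *status)
{
    if (len != sizeof EXPECTED_SIG)
        return -1;                     /* *status never assigned */
    if (memcmp(sig, EXPECTED_SIG, len) != 0) {
        *status = VERIFY_INVALID;
        return -1;
    }
    *status = VERIFY_VALID;
    return 0;
}

/* Fail-safe shape: assume "invalid" before doing any work and flip to
 * "valid" only at the single point where every check has passed. Any path
 * that leaves early, by design or by mistake, therefore reports failure. */
static int verify_safe(const uint8_t *sig, size_t len, int *status)
{
    *status = VERIFY_INVALID;
    if (len != sizeof EXPECTED_SIG)
        return -1;
    if (memcmp(sig, EXPECTED_SIG, len) != 0)
        return -1;
    *status = VERIFY_VALID;
    return 0;
}

/* Caller whose status variable still holds a stale VERIFY_VALID from an
 * earlier successful check, now handed a malformed (too short) signature.
 * Returns the status the caller would act on. */
static int stale_caller_sees(int (*verify)(const uint8_t *, size_t, int *))
{
    static const uint8_t bad_sig[2] = {0x00, 0x01};  /* constructed */
    int status = VERIFY_VALID;                       /* stale value */
    (void)verify(bad_sig, sizeof bad_sig, &status);
    return status;
}
```

With the unsafe shape the caller proceeds on the stale "valid" result; with the safe shape the same malformed input is reported as invalid, which is the point about failing to a safe state.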